Search Results (366668 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-45928 1 Libjxl Project 1 Libjxl 2024-11-21 5.5 Medium
libjxl b02d6b9, as used in libvips 8.11 through 8.11.2 and other products, has an out-of-bounds write in jxl::ModularFrameDecoder::DecodeGroup (called from jxl::FrameDecoder::ProcessACGroup and jxl::ThreadPool::RunCallState<jxl::FrameDecoder::ProcessSections).
CVE-2021-45927 1 Mdbtools Project 1 Mdbtools 2024-11-21 7.8 High
MDB Tools (aka mdbtools) 0.9.2 has a stack-based buffer overflow (at 0x7ffd6e029ee0) in mdb_numeric_to_string (called from mdb_xfer_bound_data and _mdb_attempt_bind).
CVE-2021-45926 1 Mdbtools Project 1 Mdbtools 2024-11-21 7.8 High
MDB Tools (aka mdbtools) 0.9.2 has a stack-based buffer overflow (at 0x7ffd0c689be0) in mdb_numeric_to_string (called from mdb_xfer_bound_data and _mdb_attempt_bind).
CVE-2021-45919 1 Std42 1 Elfinder 2024-11-21 5.4 Medium
Studio 42 elFinder through 2.1.31 allows XSS via an SVG document.
CVE-2021-45918 1 Nhi 1 Health Insurance Web Service Component 2024-11-21 7.5 High
NHI’s health insurance web service component has insufficient validation for input string length, which can result in heap-based buffer overflow attack. A remote attacker can exploit this vulnerability to flood the memory space reserved for the program, in order to terminate service without authentication, which requires a system restart to recover service.
CVE-2021-45917 1 Sun Moon Jingyao 2 Network Computer Terminal Protection System, Network Computer Terminal Protection System Firmware 2024-11-21 8 High
The server-request receiver function of Shockwall system has an improper authentication vulnerability. An authenticated attacker of an agent computer within the local area network can use the local registry information to launch server-side request forgery (SSRF) attack on another agent computer, resulting in arbitrary code execution for controlling the system or disrupting service.
CVE-2021-45916 1 Smr 1 Shenwang Endpoint Protection Security System 2024-11-21 3.5 Low
The programming function of Shockwall system has an improper input validation vulnerability. An authenticated attacker within the local area network can send malicious response to the server to disrupt the service partially.
CVE-2021-45915 1 Luxsoft 1 Luxcal 2024-11-21 9.8 Critical
In LuxSoft LuxCal Web Calendar before 5.2.0, an unauthenticated attacker can manipulate a cookie value. This allows the attacker's session to be authenticated as any registered LuxCal user, including the site administrator.
CVE-2021-45914 1 Luxsoft 1 Luxcal 2024-11-21 9.8 Critical
In LuxSoft LuxCal Web Calendar before 5.2.0, an unauthenticated attacker can manipulate a POST request. This allows the attacker's session to be authenticated as any registered LuxCal user, including the site administrator.
CVE-2021-45913 1 Controlup 1 Controlup Agent 2024-11-21 7.2 High
A hardcoded key in ControlUp Real-Time Agent (cuAgent.exe) before 8.2.5 may allow a potential attacker to run OS commands via a WCF channel.
CVE-2021-45912 1 Controlup 1 Real-time Agent 2024-11-21 7.8 High
An unauthenticated Named Pipe channel in Controlup Real-Time Agent (cuAgent.exe) before 8.5 potentially allows an attacker to run OS commands via the ProcessActionRequest WCF method.
CVE-2021-45911 2 Debian, Gif2apng Project 2 Debian Linux, Gif2apng 2024-11-21 7.8 High
An issue was discovered in gif2apng 1.9. There is a heap-based buffer overflow in the main function. It allows an attacker to write 2 bytes outside the boundaries of the buffer.
CVE-2021-45910 2 Debian, Gif2apng Project 2 Debian Linux, Gif2apng 2024-11-21 7.8 High
An issue was discovered in gif2apng 1.9. There is a heap-based buffer overflow within the main function. It allows an attacker to write data outside of the allocated buffer. The attacker has control over a part of the address that data is written to, control over the written data, and (to some extent) control over the amount of data that is written.
CVE-2021-45909 2 Debian, Gif2apng Project 2 Debian Linux, Gif2apng 2024-11-21 7.8 High
An issue was discovered in gif2apng 1.9. There is a heap-based buffer overflow vulnerability in the DecodeLZW function. It allows an attacker to write a large amount of arbitrary data outside the boundaries of a buffer.
CVE-2021-45908 1 Gif2apng Project 1 Gif2apng 2024-11-21 7.8 High
An issue was discovered in gif2apng 1.9. There is a stack-based buffer overflow involving a while loop. An attacker has little influence over the data written to the stack, making it unlikely that the flow of control can be subverted.
CVE-2021-45907 1 Gif2apng Project 1 Gif2apng 2024-11-21 7.8 High
An issue was discovered in gif2apng 1.9. There is a stack-based buffer overflow involving a for loop. An attacker has little influence over the data written to the stack, making it unlikely that the flow of control can be subverted.
CVE-2021-45906 1 Openwrt 1 Openwrt 2024-11-21 5.4 Medium
OpenWrt 21.02.1 allows XSS via the NAT Rules Name screen.
CVE-2021-45905 1 Openwrt 1 Openwrt 2024-11-21 5.4 Medium
OpenWrt 21.02.1 allows XSS via the Traffic Rules Name screen.
CVE-2021-45904 1 Openwrt 1 Openwrt 2024-11-21 5.4 Medium
OpenWrt 21.02.1 allows XSS via the Port Forwards Add Name screen.
CVE-2021-45903 1 Salesagility 1 Suitecrm 2024-11-21 6.1 Medium
A persistent cross-site scripting (XSS) issue in the web interface of SuiteCRM before 7.10.35, and 7.11.x and 7.12.x before 7.12.2, allows a remote attacker to introduce arbitrary JavaScript via attachments upload, a different vulnerability than CVE-2021-39267 and CVE-2021-39268.